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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 03 June 2009 . 
2a )^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1,2.4 and 9 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) |EI Claim(s) 1,2,4 and 9 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

This action is in response to the papers filed 6/03/2009. 



Response to Arguments 

Applicant's arguments that Winneg is not interactive in that there is no inquiry 
regarding allowed applications or information no comparison of the inquiry IDs to stored 
IDs and no granting of access to allowed applications, is not persuasive. Winneg clearly 
discloses figure 10 and column 19 lines 10-16 i.e. for each process detected in Act 304, 
Act 306 may include accessing this authorized process list and comparing the detected 
process (inquiry ID) to each authorized process included in the list (stored ID). Act 306 
may include looping through the authorized process list until a match to the detected 
process is found or until the end of the authorized process list. Finding a match 
indicates that the process is authorized (granting access). 



Claim Rejections - 35 USC § 102 

Claims 1, 2, 4 and 9 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Winneg et al (US 7,165,269). 

With respect to claim 1 , a process for controlling the application that a computer 
user my run on a multi-user system, comprising the steps of: 

Automatically using a security executable on the multi-user system (see column 
4 lines 8-18 workstation of a computer lab) in user mode to create a list of authorized 
application in a database of the multi-user system for computer user when the computer 



Application/Control Number: 10/076,948 Page 3 

Art Unit: 2432 

user logs on to the multi-user system (see column 18 lines 47-56 i.e. A list of processes 
authorized to be executed on the computer system may be maintained, for example, as 
part of the method 100. Such a list may be maintained in any of a variety of ways, for 
example, by storing the list in one or more registers, by representing the list using one 
or more abstraction implemented using a programming language, or by storing the list in 
a file such as a text file); 

attaching a hook function in user mode to all new applications (see column 12 
lines 43-59); employing the hook function whenever a new application is started to send 
a message to the security executable in user mode (see column 12 lines 43 column 13 
line 2), said message including a process id and path of the new application (see 
"SetWindowsHookEx" reference, Dietmoday inherent in windows to 
SetWindowsHookEX function parameter dwThread ID ); receiving said message from 
the hook function at the security executable and correlating to said list to determine 
whether the new application is authorized or not (see figure 1 0 and column 1 9 lines 1 0- 
16); answering the message by the security executable when the new application is 
authorized to indicate so (see column 13 lines 3-20); stopping the new application when 
the new application is not authorized (see column 19 lines 53-57). 

With respect to claim 2, a software system for controlling the applications that a 
computer user may run on a multi-user system, comprising: 

a security executable in user mode for creating a list of authorized applications in 
a database of the multi-user system for the computer user (see column 18 lines 47-56 
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i.e. A list of processes authorized to be executed on the computer system may be 
maintained, for example, as part of the method 100. Such a list may be maintained in 
any of a variety of ways, for example, by storing the list in one or more registers, by 
representing the list using one or more abstraction implemented using a programming 
language, or by storing the list in a file such as a text file); a hook function which is 
automatically attached to all new applications in user mode when the computer user 
logs on to the multi-user system; meant for querying an ID of each said new application 
(see column 12 lines 43-59); 

means for sending a message with the application ID and the path of the 
application being examined, using said security executable (see column 18 lines 47-56), 
means for retrieving retrieve the ID of each new application from said first program 
module (see figure 10 and column 19 lines 10-16), means for terminate each new 
application not identified on said list of allowed applications, and answering a message 
from said first program molule when the application is identified on said list of allowed 
applications (see column 19 lines 53-57). 

With respect to claim 4, wherein said first program module is attached to said 
new processes by tying into the USER32 using the system dynamic link library (see 
column 13 lines 21-29). 

With respect to claim 9, comprising the steps of: using a security executable on 
the multi-user system in user mode to create and maintain a list of authorized 
applications in a database of the multi-user system and IDs for each computer user 
when the computer logs on to the network (see column 18 lines 47-56); attaching a 
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hook function to all new applications (see column 12 lines 43-59); monitoring all new 
applications that are started with the hook function and determining an application ID 
thereof (see figure 1 0 and column 1 8 line 27 - column 1 9 line 57); receiving said 
application ID from the hook function by the security executable (see 
"SetWindowsHookEx" reference, Dietmoday inherent in windows to 
SetWindowsHookEX function parameter dwThreadID ); determining whether the 
application ID of each started application is on said list (see column 13 lines 3-20); 
allowing said application to continue when its application ID is on the list (see column 13 
lines 3-20); terminating said application when its application ID is not on the list (see 
column 19 lines 53-57). 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Devin Almeida whose telephone number is 571-270- 
1018. The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 
6:00 P.M. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. 

/Devin Almeida/ 
Examiner, Art Unit 2432 



/Gilberto Barron Jr./ 

Supervisory Patent Examiner, Art Unit 2432 



